Executive Dashboard

Owned by Svetlana Sheptiy
Last updated: May 15, 2024 by Andrew Madge
8 min read

This page applies to Snare Central v8.2.0 and later.
Note: in v8.6.0 the page was renamed from 'Dashboard' to 'Executive Dashboard'.

Overview

Snare Central Executive Dashboard provides System Health indicators and Events Collection statistics, allowing quick and easy access to critical data and quicker response to the emerging issues.
The dashboard uses Green-Orange-Red color scheme for status indicators.


The Dashboard contains the following components:

Snare Central Health Status

Provides color-coded indicators of various Snare Central Health metrics.

Note: when the side menu is expanded, the values in the status cards are hidden. 

System Status

Current status of Snare Central Health Checker. Updates every 1 minute.
The Health Checker combines most key aspects of system operation (depending on configuration), including, but not limited to: licensing, key services status, integrity checks, available disk space, Reflector destinations status and more. 

Color-coding: green - normal operation, orange - warning, red - error.

Click the System Status card to navigate to Status > Snare Health Checker page for more details.

CPU Usage

CPU Usage percentage averaged across all cores.

Color-coding: green - up to 60%, orange -  greater than 60%, red - greater than 80%

Click the CPU Usage card to navigate to Status > System Status page, then click CPU tab for more details.

Event Activity

Average Bytes per Second received during the past 1 minute.

Color-coding: green - normal operation, red - Collector service is not responding.

Click the Event Activity card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.

Archive Usage

Indicates disk and inode usage percentage by Snare Archive.

Color-coding: green - normal operation, up to 80% of disk and/or inode usage, orange - warning, 81-85% of disk usage, or 81-90% of inode usage, red - above 85% of disk usage or above 90% of inode usage.
Note: these thresholds are configurable in Snare Health Checker

Click the Archive Usage card to navigate to Status > Snare Health Checker page for more details.

Collection and Reflection Statistics



Provides Events Collection and Reflection statistics.

Note: when the side menu is expanded, the values in the status cards are hidden. 

Destinations

Number of configured destinations for Snare Reflector.
Snare Reflector has 2 default internal destinations, reflecting to localhost ports 6170 (Snare format) and 6171 (Syslog format).
Additional destinations can be configured to reflect to other servers or 3rd party log analysis tools.

Color-coding: green - normal operation, red - at least one Destination is not reachable.

Click the Destination card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.

Recent Events

Incoming Events per Second. Updates every 1 minute.

Color-coding: green - normal operation, red - Collector service is not responding.

Click the Recent Events card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.

Total Events/24h

Total number of events collected by Snare Central Collector in the past 24 hours, or since last Collector/Reflector restart.

Color-coding: green - normal operation, red - Collector service is not responding.

Click the Total Events/24h card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.

Total Bytes/24h

Total number of bytes collected by Snare Central Collector in the past 24 hours, or since last Collector/Reflector restart.

Color-coding: green - normal operation, red - Collector service is not responding.

Click the Total Bytes/24h card to navigate to Status > Snare Health Checker page and scroll down to Collector/Reflector sections for more details.

SAM Health Status


Provides color-coded indicators of various Snare Agents Manager (SAM) metrics.
Click  to open SAM in a new tab

License Allowances

Number of licensed entities.

Color-coding: green - used licenses do not exceed allowance.

Click   to find more details in Table View
Click   to close Table View.

License Expiry

Indicates whether there are licenses that are about to expire or have already expired.

Color-coding: green - active license, orange - license is about to expire within the next 30 days, red - license has expired.

Click   to find more details in Table View
Click   to close Table View.

Support Expiry

Indicates whether license support is about to expire or have already expired.

Color-coding: green - active support, orange - support is about to expire within the next 30 days, red - support has expired.

Click   to find more details in Table View
Click   to close Table View.

Connected Agents

Number of Snare Agents that have connected to SAM within the last 5 minutes.
% out of all agents known to SAM.
Color-coding: green - all agents are connected, orange - warning: 1 or more unreachable agents.

Not Reachable Agents

Number of Snare Agents that have not connected to SAM within the last 5 minutes.
% out of all agents known to SAM.
Color-coding: green - 0 unreachable agents, orange - warning: 1 or more unreachable agents.

Events or Bytes per second over the last 3 hours

   

This Line chart shows the number of incoming and outgoing events or bytes per second over the last 3 hours.
Time period can be adjusted between last 10 minutes and last 24 hours by using either a slider or an input field.

Outgoing events are charted by Reflector Destination, labeled in the format of <destination_ip>:<port>
Note: 127.0.0.1:6170 and 127.0.0.1:6171 are special Snare Central internal destinations for Snare and Syslog events respectively.

Click on a destination in the chart legend to toggle its visibility.

Click to flip between Events per Second and Bytes per Second charts.

Click  to expand the chart to Full Screen view.

Click  to exit Full Screen view.

Chart Canvas Controls

Chart canvas controls


Chart canvas controls allow to perform common actions on a displayed chart area:

 Zoom Selection - allows to select an area to zoom into. Toggle this button, then click and hold on the area of a chart and drag to the left or to the right to select the area to zoom into.
 Zoom Restore - reverts the above zoom selection
 Save as Image - allows to download the chart canvas as an image
 View Raw Data - displays the chart data in plain text view. Click Return to return to the chart view.
 Line Chart - displays the chart as a Line Chart
 Bar Chart - displays the chart as a Bar Chart
 Stacked - displays data series stacked on top of each other
 Tiled - displays each data series separately, relative to 0 (the opposite of Stacked)
 Reset - resets all above made changes to the default chart settings.

Note: various charts on the dashboard may have all or some of the above controls depending on the context.

Historical Collection



This Bar chart displays the number of Events and Bytes collected daily by Snare Central over the last 30 days.
From v8.6.0, Historical Collection graph displays additional column for Compressed Bytes, and shows summary of received data volume vs stored compressed data volume, highlighting data storage saving.

Time period can be adjusted from last 7 days to last 365 days, using either a slider or the input field.

Click on a data series in the chart legend to toggle its visibility.

Click  to expand the chart to Full Screen view.

Click  to exit Full Screen view.

Events Heat Map

This interactive heat map displays the total number of events received over a 15 days period.
Time period can be adjusted from last 7 days to last 60 days, using either a slider or an input field.

The coloured rectangles indicate the number of events received during the 15 minute period relative to the scale shown at the bottom of the graph.
Further details on the number of events received can be ascertained by placing the mouse cursor over the coloured rectangles.

Click a cell in the heat map to explore the events for this 15 minute period.
An interactive pie chart will be displayed showing events distribution by either Log Type or System the event originated from. 

Click on a data series in the chart legend to toggle its visibility.

Click on a data series on the pie chart to drill down and view Log Types for the selected System, or Systems for a selected Log Type, displayed on the same pie chart as an outer layer.

 

Click on a data series on the outer layer of the pie chart to view raw events data in a Table View.

Click on the column header to sort events by this column.

Click on a table row to display the contents of that specific log entry.

Use filters in the table to view events of interest.

Click the arrows at the bottom of the component to collapse or expand the Table View and the Pie Chart. 

Click  to expand the chart to Full Screen view.

Click  to exit Full Screen view.

Live Events

        

Live Events chart displays Bytes and Events per Second collected by Snare Central from latest 10 sources.
The source is indicated by either host name or IP address, depending on its configuration.
This chart refreshes every 2.5 seconds.

Click  to pause and review the data.

Click  to resume data refreshing every 2.5 seconds.

Click on a data series in the chart legend to toggle its visibility.
Click  Events Table to see the incoming events per system and per log type.

Click  Systems Graph to return to the chart view.

Click  to expand the chart or the table to Full Screen view.

Click  to exit Full Screen view.

Click the chart area to navigate to Status > Monitor Live Data page for more details.

Scheduled Reports Status

Status of reports executed within the past 7 days or scheduled in the future.
The reports are grouped by the configured report criticality.

Click  to expand each section and view the details of the reports.

Click  to collapse the expanded section

Click the report row in the table to navigate to the Report's page.